[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

NFS security

Hello all. I just recently set up my first NFS share between several PC's. I'd read about it, seen it in action, but never done it myself. The setup I did was a very vanilla (I think) configuration. However, I was wondering about how systems like this are secured. It seems to me that the only protection in place is that NFS limits the various exports by IP address. However, this could easily be circumvented by someone sniffing packets on a network and then setting their IP to one of the permitted IP's in order to gain access. This also seems pretty dangerous given how file ownership is managed across NFS shares. It is not hard to imagine how a would-be attacker could become root on their local machine and copy some files over to the server that allowed them to later become root on that server.

So, I've probably hashed over a bunch of stuff you already knew. My questions are: How do you accomplish filesystem sharing in a homogenous linux environment? If you use NFS, how can you secure it from the weaknesses I mentioned?

Any advice you have would be most appreciated as I have been tasked with building a little workgroup of linux machines that share disk space on a linux server and I want to do the right thing security-wise.

Thanks!
Ken

--
Forti et Fideli nihil difficile – Nothing is difficult to the brave and faithful.